VeeamON 2021: Free Online Conference - Register Now VeeamON 2021: Free Online Conference - Register Now

Batch: List GPOs and GPO owners

Home Forums Scripting General Scripting Batch: List GPOs and GPO owners

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    guyt
    Member
    #101977

    I was doing some ACL cleanup in my environment and wanted to make sure the GPO owners are set according to our design docs (we assign a group and not individual account as object owner – available in W2K3’s GUI), so I came up with this short batch to do the trick:

    Code:
    @echo off

    Rem The script assumes you have dsquery and acldiag tools installed on the machine you are running the script from

    set AD_NC=”cn=policies,cn=system,dc=company,dc=com”

    set GPO_FILTER=”objectClass=groupPolicyContainer”
    set TEMP_FILE=”tmp_gpolist.txt”
    set TEMP_FILE2=”tmp_gpolist_paths.txt”

    del /f %TEMP_FILE% %TEMP_FILE2%
    if exist %TEMP_FILE% goto CANT_DELETE_FILE
    if exist %TEMP_FILE2% goto CANT_DELETE_FILE

    dsquery * %AD_NC% -l -filter %GPO_FILTER% > %TEMP_FILE%

    FOR /F “usebackq” %%i IN (%TEMP_FILE%) DO (
    acldiag %%i | findstr “Owner”
    dsquery * %%i -scope base -attr gpcFileSysPath | findstr /i “\” > %TEMP_FILE2%
    FOR /F “usebackq” %%j IN (%TEMP_FILE2%) do type %%jGPT.ini | findstr /I displayname
    echo ========================================================================
    )
    goto END

    :CANT_DELETE_FILE
    echo Failed to delete old temporary file. Exiting…
    goto END

    :END

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Free Online Conference - May 25th and 26th

VeeamON 2021: Free Online Conference

Join us to gain your professional edge with technical and visionary learning from the brightest minds in IT at the definitive conference for Modern Data Protection.

Register Now

Sponsored By